The CrowdStrike outage may not be the top headline today, but that does not mean the impact is a thing of the past. Delta is still digging out of the backlog, and computer systems are still coming back online for other companies.
The state of freight is still exposed to the CrowdStrike fallout. According to Niall van de Wouw, Xeneta’s chief airfreight officer, “These incidents can take three times as long to resolve as the length of time they last, but that is very much dependent on the scale of the IT failure and the market conditions at the time it occurs.”
Katie Arrington, vice president for government affairs at Exiger, a supply chain intelligence company used by the U.S. government and critical infrastructure industries for risk management, warned that computer interconnectivity creates a lot of risk, leaving industries vulnerable to such flaws.
“We have to increase the standards and requirements for managing these third-party computer updates,” said Arrington.
Microsoft wrote in its blog that the CrowdStrike update impacted 8.5 million Windows devices – less than 1% of all Windows machines. It’s remarkable to think all of this disruption was from just 1% of Windows devices.
In an analyst note downgrading CrowdStrike, Guggenheim analysts covering the company wrote: “Though this is an insignificant percentage, the economic and logistical fallout to corporations and individuals, respectively, was immense. It also reflects the popularity of CrowdStrike as a technology vendor. In addition, given that endpoint security is often granted unique access to the source code of Windows in order to protect it, the quality assurance of these updates is paramount. In other words, CrowdStrike had the ‘keys to the kingdom’ and the responsibility that goes along with that.”
The friendly skies are a part of the logistical kingdom, and there will be turbulence for supply chain managers to navigate in the days to come. Capacity in the marketplace was already limited.
“Shippers already had concerns about air freight capacity due to huge increases in demand in 2024, driven largely by the extraordinary growth in e-commerce goods being exported from China to Europe and the US,” said van de Wouw.
This latest IT failure is yet another reminder of how fragile our supply chain system is. We got our first wake up call during COVID, a reminder with the Red Sea diversions and now CrowdStrike. The world of trade still needs to build in redundancies.
Chad Sweet, former chief of staff for the first Homeland Security secretary, Michael Chertoff, and co-founder and CEO of The Chertoff Group, tells American Shipper that because these outages are increasing in frequency and impacting critical infrastructure, Congress and the executive branch could start holding hearings and proposing legislation or regulation on an issue that is impacting so many U.S. citizens.
“The US Government requires companies providing it enterprise software to self-attest it is meeting a government standard called the Secure Software Development Framework, or SSDF, that includes best practices on software updates that may have prevented the Crowdstrike crash that the world just witnessed,” said Sweet. “Thoughtful business leaders who recognize the benefits of getting ahead of this coming potential regulation are already striving to have their procurement departments require software suppliers to meet this Secure Software Development Framework.”
Sweet said all good corporate leaders should be calling their senior leadership teams in and asking, “What is our plan to maintain at least minimal operations in a disruption?”
“If you were not affected, don’t just sit back and have a sigh of relief. Use it as a wake up call within your own organization to do a hot wash of your enterprise’s backup and resiliency plans in the event of an outage – whether malicious or unintentional,” said Sweet.
The post CrowdStrike disruption far from over appeared first on FreightWaves.
